package com.example.schoolmanage.Config;

import com.example.schoolmanage.service.SecurityUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)//注解授权开启
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    SecurityUserService securityUserService;

   @Override
   protected void configure(HttpSecurity http) throws Exception {//定制请求的授权规则
       //导入指定的UserDatil
       http.userDetailsService(securityUserService);
       //关闭csrf,默认开启，导致无法post请求
       http.csrf().disable();

       /*取消登录验证方法
         只开启/**的permitAll()，，或者将登录配置全表注释掉
         将接口上的角色注解注释掉*/
       http.authorizeRequests()//开启登录配置
                // .antMatchers("/getallStudent").hasRole("admin")
               //.antMatchers("/login").permitAll()
               .antMatchers("/**").permitAll();
               //.anyRequest().authenticated()//其他所有请求都需要先登录
               //.and().formLogin().permitAll()//表单登录相关接口都放行
               //.and().logout().permitAll();//登出放行

//               .loginPage("/login.html")//自定义登录界面
//               .loginProcessingUrl("/login")//登录处理接口，自定义登录页码将用户名和密码发到默认登录接口处理
//               .usernameParameter("username")//自定义界面提交表单中用户名的key
//               .passwordParameter("password");//自定义界面提交表单中密码的key
               //.successHandler()








   }
}